Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
SecurityService |
|
| 1.0;1 |
1 | package org.apache.turbine.services.security; | |
2 | ||
3 | ||
4 | /* | |
5 | * Licensed to the Apache Software Foundation (ASF) under one | |
6 | * or more contributor license agreements. See the NOTICE file | |
7 | * distributed with this work for additional information | |
8 | * regarding copyright ownership. The ASF licenses this file | |
9 | * to you under the Apache License, Version 2.0 (the | |
10 | * "License"); you may not use this file except in compliance | |
11 | * with the License. You may obtain a copy of the License at | |
12 | * | |
13 | * http://www.apache.org/licenses/LICENSE-2.0 | |
14 | * | |
15 | * Unless required by applicable law or agreed to in writing, | |
16 | * software distributed under the License is distributed on an | |
17 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
18 | * KIND, either express or implied. See the License for the | |
19 | * specific language governing permissions and limitations | |
20 | * under the License. | |
21 | */ | |
22 | ||
23 | ||
24 | import org.apache.fulcrum.security.acl.AccessControlList; | |
25 | import org.apache.fulcrum.security.entity.Group; | |
26 | import org.apache.fulcrum.security.entity.Permission; | |
27 | import org.apache.fulcrum.security.entity.Role; | |
28 | import org.apache.fulcrum.security.util.DataBackendException; | |
29 | import org.apache.fulcrum.security.util.EntityExistsException; | |
30 | import org.apache.fulcrum.security.util.GroupSet; | |
31 | import org.apache.fulcrum.security.util.PasswordMismatchException; | |
32 | import org.apache.fulcrum.security.util.PermissionSet; | |
33 | import org.apache.fulcrum.security.util.RoleSet; | |
34 | import org.apache.fulcrum.security.util.UnknownEntityException; | |
35 | import org.apache.turbine.om.security.DefaultUserImpl; | |
36 | import org.apache.turbine.om.security.User; | |
37 | import org.apache.turbine.services.Service; | |
38 | import org.apache.turbine.services.security.passive.PassiveUserManager; | |
39 | ||
40 | /** | |
41 | * <p> | |
42 | * The Security Service manages Users, Groups Roles and Permissions in the | |
43 | * system. | |
44 | * </p> | |
45 | * | |
46 | * <p> | |
47 | * The task performed by the security service include creation and removal of | |
48 | * accounts, groups, roles, and permissions; assigning users roles in groups; | |
49 | * assigning roles specific permissions and construction of objects | |
50 | * representing these logical entities. | |
51 | * </p> | |
52 | * | |
53 | * <p> | |
54 | * Because of pluggable nature of the Services, it is possible to create | |
55 | * multiple implementations of SecurityService, for example employing database | |
56 | * and directory server as the data backend. | |
57 | * </p> | |
58 | * | |
59 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> | |
60 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> | |
61 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> | |
62 | * @version $Id: SecurityService.java 1850675 2019-01-07 18:48:42Z painter $ | |
63 | */ | |
64 | public interface SecurityService | |
65 | extends Service | |
66 | { | |
67 | /** The name of the service */ | |
68 | String SERVICE_NAME = "SecurityService"; | |
69 | ||
70 | /** | |
71 | * the key within services's properties for user manager implementation | |
72 | * classname (user.manager) | |
73 | */ | |
74 | String USER_MANAGER_KEY = "user.manager"; | |
75 | ||
76 | /** | |
77 | * the default implementation of UserManager interface | |
78 | * (org.apache.turbine.services.security.passive.PassiveUserManager) | |
79 | */ | |
80 | String USER_MANAGER_DEFAULT | |
81 | = PassiveUserManager.class.getName(); | |
82 | ||
83 | /** | |
84 | * the key within services's properties for user implementation | |
85 | * classname (wrapper.class) | |
86 | */ | |
87 | String USER_WRAPPER_KEY = "wrapper.class"; | |
88 | ||
89 | /** | |
90 | * the default implementation of {@link User} interface | |
91 | * (org.apache.turbine.om.security.DefaultUserImpl) | |
92 | */ | |
93 | String USER_WRAPPER_DEFAULT | |
94 | = DefaultUserImpl.class.getName(); | |
95 | ||
96 | ||
97 | /*----------------------------------------------------------------------- | |
98 | Management of User objects | |
99 | -----------------------------------------------------------------------*/ | |
100 | ||
101 | /** | |
102 | * Construct a blank User object. | |
103 | * | |
104 | * @param <U> user class | |
105 | * @return an object implementing User interface. | |
106 | * @throws UnknownEntityException if the object could not be instantiated. | |
107 | */ | |
108 | <U extends User> U getUserInstance() | |
109 | throws UnknownEntityException; | |
110 | ||
111 | /** | |
112 | * Construct a blank User object. | |
113 | * | |
114 | * @param <U> user class | |
115 | * @param userName The name of the user. | |
116 | * | |
117 | * @return an object implementing User interface. | |
118 | * @throws UnknownEntityException if the object could not be instantiated. | |
119 | */ | |
120 | <U extends User> U getUserInstance(String userName) | |
121 | throws UnknownEntityException; | |
122 | ||
123 | /** | |
124 | * Construct a blank Group object. | |
125 | * | |
126 | * @param <G> group class | |
127 | * @return an object implementing Group interface. | |
128 | * @throws UnknownEntityException if the object could not be instantiated. | |
129 | */ | |
130 | <G extends Group> G getGroupInstance() | |
131 | throws UnknownEntityException; | |
132 | ||
133 | /** | |
134 | * Construct a blank Group object. | |
135 | * | |
136 | * @param <G> group class | |
137 | * @param groupName The name of the Group | |
138 | * | |
139 | * @return an object implementing Group interface. | |
140 | * @throws UnknownEntityException if the object could not be instantiated. | |
141 | */ | |
142 | <G extends Group> G getGroupInstance(String groupName) | |
143 | throws UnknownEntityException; | |
144 | ||
145 | /** | |
146 | * Construct a blank Permission object. | |
147 | * | |
148 | * @param <P> permission class | |
149 | * @return an object implementing Permission interface. | |
150 | * @throws UnknownEntityException if the object could not be instantiated. | |
151 | */ | |
152 | <P extends Permission> P getPermissionInstance() | |
153 | throws UnknownEntityException; | |
154 | ||
155 | /** | |
156 | * Construct a blank Permission object. | |
157 | * | |
158 | * @param <P> permission class | |
159 | * @param permName The name of the Permission | |
160 | * | |
161 | * @return an object implementing Permission interface. | |
162 | * @throws UnknownEntityException if the object could not be instantiated. | |
163 | */ | |
164 | <P extends Permission> P getPermissionInstance(String permName) | |
165 | throws UnknownEntityException; | |
166 | ||
167 | /** | |
168 | * Construct a blank Role object. | |
169 | * | |
170 | * @param <R> role class | |
171 | * @return an object implementing Role interface. | |
172 | * @throws UnknownEntityException if the object could not be instantiated. | |
173 | */ | |
174 | <R extends Role> R getRoleInstance() | |
175 | throws UnknownEntityException; | |
176 | ||
177 | /** | |
178 | * Construct a blank Role object. | |
179 | * | |
180 | * @param <R> role class | |
181 | * @param roleName The name of the Role | |
182 | * | |
183 | * @return an object implementing Role interface. | |
184 | * @throws UnknownEntityException if the object could not be instantiated. | |
185 | */ | |
186 | <R extends Role> R getRoleInstance(String roleName) | |
187 | throws UnknownEntityException; | |
188 | ||
189 | /** | |
190 | * Returns the configured UserManager. | |
191 | * | |
192 | * @return An UserManager object | |
193 | */ | |
194 | UserManager getUserManager(); | |
195 | ||
196 | /** | |
197 | * Check whether a specified user's account exists. | |
198 | * | |
199 | * The login name is used for looking up the account. | |
200 | * | |
201 | * @param userName The user to be checked. | |
202 | * @return true if the specified account exists | |
203 | * @throws DataBackendException if there was an error accessing the data | |
204 | * backend. | |
205 | */ | |
206 | boolean accountExists(String userName) | |
207 | throws DataBackendException; | |
208 | ||
209 | /** | |
210 | * Check whether a specified user's account exists. | |
211 | * An User object is used for looking up the account. | |
212 | * | |
213 | * @param user The user object to be checked. | |
214 | * @return true if the specified account exists | |
215 | * @throws DataBackendException if there was an error accessing the data | |
216 | * backend. | |
217 | */ | |
218 | boolean accountExists(User user) | |
219 | throws DataBackendException; | |
220 | ||
221 | /** | |
222 | * Authenticates an user, and constructs an User object to represent | |
223 | * him/her. | |
224 | * | |
225 | * @param <U> user class | |
226 | * @param username The user name. | |
227 | * @param password The user password. | |
228 | * @return An authenticated Turbine User. | |
229 | * @throws DataBackendException if there was an error accessing the data | |
230 | * backend. | |
231 | * @throws UnknownEntityException if user account is not present. | |
232 | * @throws PasswordMismatchException if the supplied password was incorrect. | |
233 | */ | |
234 | <U extends User> U getAuthenticatedUser(String username, String password) | |
235 | throws DataBackendException, UnknownEntityException, | |
236 | PasswordMismatchException; | |
237 | ||
238 | /** | |
239 | * Constructs an User object to represent a registered user of the | |
240 | * application. | |
241 | * | |
242 | * @param <U> user class | |
243 | * @param username The user name. | |
244 | * @return A Turbine User. | |
245 | * @throws DataBackendException if there was an error accessing the data | |
246 | * backend. | |
247 | * @throws UnknownEntityException if user account is not present. | |
248 | */ | |
249 | <U extends User> U getUser(String username) | |
250 | throws DataBackendException, UnknownEntityException; | |
251 | ||
252 | /** | |
253 | * Constructs an User object to represent an anonymous user of the | |
254 | * application. | |
255 | * | |
256 | * @param <U> user class | |
257 | * @return An anonymous Turbine User. | |
258 | * @throws UnknownEntityException if the anonymous User object couldn't be | |
259 | * constructed. | |
260 | */ | |
261 | <U extends User> U getAnonymousUser() | |
262 | throws UnknownEntityException; | |
263 | ||
264 | /** | |
265 | * Checks whether a passed user object matches the anonymous user pattern | |
266 | * according to the configured user manager | |
267 | * | |
268 | * @param u a user object | |
269 | * @return True if this is an anonymous user | |
270 | * | |
271 | */ | |
272 | boolean isAnonymousUser(User u); | |
273 | ||
274 | /** | |
275 | * Saves User's data in the permanent storage. The user account is required | |
276 | * to exist in the storage. | |
277 | * | |
278 | * @param user the user object to save | |
279 | * @throws UnknownEntityException if the user's account does not | |
280 | * exist in the database. | |
281 | * @throws DataBackendException if there is a problem accessing the storage. | |
282 | */ | |
283 | void saveUser(User user) | |
284 | throws UnknownEntityException, DataBackendException; | |
285 | ||
286 | /** | |
287 | * Saves User data when the session is unbound. The user account is required | |
288 | * to exist in the storage. | |
289 | * | |
290 | * LastLogin, AccessCounter, persistent pull tools, and any data stored | |
291 | * in the permData hashtable that is not mapped to a column will be saved. | |
292 | * | |
293 | * @param user the user object | |
294 | * | |
295 | * @throws UnknownEntityException if the user's account does not | |
296 | * exist in the database. | |
297 | * @throws DataBackendException if there is a problem accessing the | |
298 | * storage. | |
299 | */ | |
300 | void saveOnSessionUnbind(User user) | |
301 | throws UnknownEntityException, DataBackendException; | |
302 | ||
303 | /*----------------------------------------------------------------------- | |
304 | Account management | |
305 | -----------------------------------------------------------------------*/ | |
306 | ||
307 | /** | |
308 | * Creates new user account with specified attributes. | |
309 | * | |
310 | * @param user the object describing account to be created. | |
311 | * @param password The password to use. | |
312 | * @throws DataBackendException if there was an error accessing the data | |
313 | * backend. | |
314 | * @throws EntityExistsException if the user account already exists. | |
315 | * @throws UnknownEntityException if the provided user does not exist (is null) | |
316 | */ | |
317 | void addUser(User user, String password) | |
318 | throws DataBackendException, EntityExistsException, UnknownEntityException; | |
319 | ||
320 | /** | |
321 | * Removes an user account from the system. | |
322 | * | |
323 | * @param user the object describing the account to be removed. | |
324 | * @throws DataBackendException if there was an error accessing the data | |
325 | * backend. | |
326 | * @throws UnknownEntityException if the user account is not present. | |
327 | */ | |
328 | void removeUser(User user) | |
329 | throws DataBackendException, UnknownEntityException; | |
330 | ||
331 | /*----------------------------------------------------------------------- | |
332 | Management of passwords | |
333 | -----------------------------------------------------------------------*/ | |
334 | ||
335 | /** | |
336 | * Change the password for an User. | |
337 | * | |
338 | * @param user an User to change password for. | |
339 | * @param oldPassword the current password supplied by the user. | |
340 | * @param newPassword the current password requested by the user. | |
341 | * @throws PasswordMismatchException if the supplied password was | |
342 | * incorrect. | |
343 | * @throws UnknownEntityException if the user's record does not | |
344 | * exist in the database. | |
345 | * @throws DataBackendException if there is a problem accessing the | |
346 | * storage. | |
347 | */ | |
348 | void changePassword(User user, String oldPassword, | |
349 | String newPassword) | |
350 | throws PasswordMismatchException, UnknownEntityException, | |
351 | DataBackendException; | |
352 | ||
353 | /** | |
354 | * Forcibly sets new password for an User. | |
355 | * | |
356 | * This is supposed by the administrator to change the forgotten or | |
357 | * compromised passwords. Certain implementatations of this feature | |
358 | * would require administrative level access to the authenticating | |
359 | * server / program. | |
360 | * | |
361 | * @param user an User to change password for. | |
362 | * @param password the new password. | |
363 | * @throws UnknownEntityException if the user's record does not | |
364 | * exist in the database. | |
365 | * @throws DataBackendException if there is a problem accessing the | |
366 | * storage. | |
367 | */ | |
368 | void forcePassword(User user, String password) | |
369 | throws UnknownEntityException, DataBackendException; | |
370 | ||
371 | /*----------------------------------------------------------------------- | |
372 | Retrieval of security information | |
373 | -----------------------------------------------------------------------*/ | |
374 | ||
375 | /** | |
376 | * Constructs an AccessControlList for a specific user. | |
377 | * | |
378 | * @param <A> ACL class | |
379 | * @param user the user for whom the AccessControlList are to be retrieved | |
380 | * @return A new AccessControlList object. | |
381 | * @throws DataBackendException if there was an error accessing the data backend. | |
382 | * @throws UnknownEntityException if user account is not present. | |
383 | */ | |
384 | <A extends AccessControlList> A getACL(User user) | |
385 | throws DataBackendException, UnknownEntityException; | |
386 | ||
387 | /** | |
388 | * Retrieves all permissions associated with a role. | |
389 | * | |
390 | * @param role the role name, for which the permissions are to be retrieved. | |
391 | * @return the permissions associated with the role | |
392 | * @throws DataBackendException if there was an error accessing the data | |
393 | * backend. | |
394 | * @throws UnknownEntityException if the role is not present. | |
395 | */ | |
396 | PermissionSet getPermissions(Role role) | |
397 | throws DataBackendException, UnknownEntityException; | |
398 | ||
399 | /*----------------------------------------------------------------------- | |
400 | Manipulation of security information | |
401 | -----------------------------------------------------------------------*/ | |
402 | ||
403 | /** | |
404 | * Grant an User a Role in a Group. | |
405 | * | |
406 | * @param user the user. | |
407 | * @param group the group. | |
408 | * @param role the role. | |
409 | * @throws DataBackendException if there was an error accessing the data | |
410 | * backend. | |
411 | * @throws UnknownEntityException if user account, group or role is not | |
412 | * present. | |
413 | */ | |
414 | void grant(User user, Group group, Role role) | |
415 | throws DataBackendException, UnknownEntityException; | |
416 | ||
417 | /** | |
418 | * Revoke a Role in a Group from an User. | |
419 | * | |
420 | * @param user the user. | |
421 | * @param group the group. | |
422 | * @param role the role. | |
423 | * @throws DataBackendException if there was an error accessing the data | |
424 | * backend. | |
425 | * @throws UnknownEntityException if user account, group or role is not | |
426 | * present. | |
427 | */ | |
428 | void revoke(User user, Group group, Role role) | |
429 | throws DataBackendException, UnknownEntityException; | |
430 | ||
431 | /** | |
432 | * Revokes all roles from an User. | |
433 | * | |
434 | * This method is used when deleting an account. | |
435 | * | |
436 | * @param user the User. | |
437 | * @throws DataBackendException if there was an error accessing the data | |
438 | * backend. | |
439 | * @throws UnknownEntityException if the account is not present. | |
440 | */ | |
441 | void revokeAll(User user) | |
442 | throws DataBackendException, UnknownEntityException; | |
443 | ||
444 | /** | |
445 | * Grants a Role a Permission | |
446 | * | |
447 | * @param role the Role. | |
448 | * @param permission the Permission. | |
449 | * @throws DataBackendException if there was an error accessing the data | |
450 | * backend. | |
451 | * @throws UnknownEntityException if role or permission is not present. | |
452 | */ | |
453 | void grant(Role role, Permission permission) | |
454 | throws DataBackendException, UnknownEntityException; | |
455 | ||
456 | /** | |
457 | * Revokes a Permission from a Role. | |
458 | * | |
459 | * @param role the Role. | |
460 | * @param permission the Permission. | |
461 | * @throws DataBackendException if there was an error accessing the data | |
462 | * backend. | |
463 | * @throws UnknownEntityException if role or permission is not present. | |
464 | */ | |
465 | void revoke(Role role, Permission permission) | |
466 | throws DataBackendException, UnknownEntityException; | |
467 | ||
468 | /** | |
469 | * Revokes all permissions from a Role. | |
470 | * | |
471 | * This method is user when deleting a Role. | |
472 | * | |
473 | * @param role the Role | |
474 | * @throws DataBackendException if there was an error accessing the data | |
475 | * backend. | |
476 | * @throws UnknownEntityException if the Role is not present. | |
477 | */ | |
478 | void revokeAll(Role role) | |
479 | throws DataBackendException, UnknownEntityException; | |
480 | ||
481 | /** | |
482 | * Revokes by default all permissions from a Role and if flag is set | |
483 | * all groups and users for this role | |
484 | * | |
485 | * This method is used when deleting a Role. | |
486 | * | |
487 | * @param role | |
488 | * the Role | |
489 | * @param cascadeDelete | |
490 | * if <code>true </code> removes all groups and user for this role. | |
491 | * @throws DataBackendException | |
492 | * if there was an error accessing the data backend. | |
493 | * @throws UnknownEntityException | |
494 | * if the Role is not present. | |
495 | */ | |
496 | void revokeAll( Role role, boolean cascadeDelete ) | |
497 | throws DataBackendException, UnknownEntityException; | |
498 | ||
499 | /*----------------------------------------------------------------------- | |
500 | Retrieval & storage of SecurityObjects | |
501 | -----------------------------------------------------------------------*/ | |
502 | ||
503 | /** | |
504 | * Provides a reference to the Group object that represents the | |
505 | * <a href="#global">global group</a>. | |
506 | * | |
507 | * @param <G> group class | |
508 | * @return A Group object that represents the global group. | |
509 | */ | |
510 | <G extends Group> G getGlobalGroup(); | |
511 | ||
512 | /** | |
513 | * Retrieve a Group object with specified name. | |
514 | * | |
515 | * @param <G> group class | |
516 | * @param name the name of the Group. | |
517 | * @return an object representing the Group with specified name. | |
518 | * @throws DataBackendException if there was an error accessing the data | |
519 | * backend. | |
520 | * @throws UnknownEntityException if the group does not exist. | |
521 | */ | |
522 | <G extends Group> G getGroupByName(String name) | |
523 | throws DataBackendException, UnknownEntityException; | |
524 | ||
525 | /** | |
526 | * Retrieve a Group object with specified Id. | |
527 | * | |
528 | * @param <G> group class | |
529 | * @param id the id of the Group. | |
530 | * | |
531 | * @return an object representing the Group with specified name. | |
532 | * | |
533 | * @throws UnknownEntityException if the permission does not | |
534 | * exist in the database. | |
535 | * @throws DataBackendException if there is a problem accessing the | |
536 | * storage. | |
537 | */ | |
538 | <G extends Group> G getGroupById(int id) | |
539 | throws DataBackendException, | |
540 | UnknownEntityException; | |
541 | ||
542 | /** | |
543 | * Retrieve a Role object with specified name. | |
544 | * | |
545 | * @param <R> role class | |
546 | * @param name the name of the Role. | |
547 | * @return an object representing the Role with specified name. | |
548 | * @throws DataBackendException if there was an error accessing the data | |
549 | * backend. | |
550 | * @throws UnknownEntityException if the role does not exist. | |
551 | */ | |
552 | <R extends Role> R getRoleByName(String name) | |
553 | throws DataBackendException, UnknownEntityException; | |
554 | ||
555 | /** | |
556 | * Retrieve a Role object with specified Id. | |
557 | * | |
558 | * @param <R> role class | |
559 | * @param id the id of the Role. | |
560 | * | |
561 | * @return an object representing the Role with specified name. | |
562 | * | |
563 | * @throws UnknownEntityException if the permission does not | |
564 | * exist in the database. | |
565 | * @throws DataBackendException if there is a problem accessing the | |
566 | * storage. | |
567 | */ | |
568 | <R extends Role> R getRoleById(int id) | |
569 | throws DataBackendException, | |
570 | UnknownEntityException; | |
571 | ||
572 | /** | |
573 | * Retrieve a Permission object with specified name. | |
574 | * | |
575 | * @param <P> permission class | |
576 | * @param name the name of the Permission. | |
577 | * @return an object representing the Permission with specified name. | |
578 | * @throws DataBackendException if there was an error accessing the data | |
579 | * backend. | |
580 | * @throws UnknownEntityException if the permission does not exist. | |
581 | */ | |
582 | <P extends Permission> P getPermissionByName(String name) | |
583 | throws DataBackendException, UnknownEntityException; | |
584 | ||
585 | /** | |
586 | * Retrieve a Permission object with specified Id. | |
587 | * | |
588 | * @param <P> permission class | |
589 | * @param id the id of the Permission. | |
590 | * | |
591 | * @return an object representing the Permission with specified name. | |
592 | * | |
593 | * @throws UnknownEntityException if the permission does not | |
594 | * exist in the database. | |
595 | * @throws DataBackendException if there is a problem accessing the | |
596 | * storage. | |
597 | */ | |
598 | <P extends Permission> P getPermissionById(int id) | |
599 | throws DataBackendException, | |
600 | UnknownEntityException; | |
601 | ||
602 | /** | |
603 | * Retrieves all groups defined in the system. | |
604 | * | |
605 | * @return the names of all groups defined in the system. | |
606 | * @throws DataBackendException if there was an error accessing the data | |
607 | * backend. | |
608 | */ | |
609 | GroupSet getAllGroups() | |
610 | throws DataBackendException; | |
611 | ||
612 | /** | |
613 | * Retrieves all roles defined in the system. | |
614 | * | |
615 | * @return the names of all roles defined in the system. | |
616 | * @throws DataBackendException if there was an error accessing the data | |
617 | * backend. | |
618 | */ | |
619 | RoleSet getAllRoles() | |
620 | throws DataBackendException; | |
621 | ||
622 | /** | |
623 | * Retrieves all permissions defined in the system. | |
624 | * | |
625 | * @return the names of all roles defined in the system. | |
626 | * @throws DataBackendException if there was an error accessing the data | |
627 | * backend. | |
628 | */ | |
629 | PermissionSet getAllPermissions() | |
630 | throws DataBackendException; | |
631 | ||
632 | /*----------------------------------------------------------------------- | |
633 | Group/Role/Permission management | |
634 | -----------------------------------------------------------------------*/ | |
635 | ||
636 | /** | |
637 | * Creates a new group with specified attributes. | |
638 | * | |
639 | * @param <G> group class | |
640 | * @param group the object describing the group to be created. | |
641 | * @return the new Group object. | |
642 | * @throws DataBackendException if there was an error accessing the data | |
643 | * backend. | |
644 | * @throws EntityExistsException if the group already exists. | |
645 | */ | |
646 | <G extends Group> G addGroup(G group) | |
647 | throws DataBackendException, EntityExistsException; | |
648 | ||
649 | /** | |
650 | * Creates a new role with specified attributes. | |
651 | * | |
652 | * @param <R> role class | |
653 | * @param role The object describing the role to be created. | |
654 | * @return the new Role object. | |
655 | * @throws DataBackendException if there was an error accessing the data | |
656 | * backend. | |
657 | * @throws EntityExistsException if the role already exists. | |
658 | */ | |
659 | <R extends Role> R addRole(R role) | |
660 | throws DataBackendException, EntityExistsException; | |
661 | ||
662 | /** | |
663 | * Creates a new permission with specified attributes. | |
664 | * | |
665 | * @param <P> permission class | |
666 | * @param permission The object describing the permission to be created. | |
667 | * @return the new Permission object. | |
668 | * @throws DataBackendException if there was an error accessing the data | |
669 | * backend. | |
670 | * @throws EntityExistsException if the permission already exists. | |
671 | */ | |
672 | <P extends Permission> P addPermission(P permission) | |
673 | throws DataBackendException, EntityExistsException; | |
674 | ||
675 | /** | |
676 | * Removes a Group from the system. | |
677 | * | |
678 | * @param group The object describing the group to be removed. | |
679 | * @throws DataBackendException if there was an error accessing the data | |
680 | * backend. | |
681 | * @throws UnknownEntityException if the group does not exist. | |
682 | */ | |
683 | void removeGroup(Group group) | |
684 | throws DataBackendException, UnknownEntityException; | |
685 | ||
686 | /** | |
687 | * Removes a Role from the system. | |
688 | * | |
689 | * @param role The object describing the role to be removed. | |
690 | * @throws DataBackendException if there was an error accessing the data | |
691 | * backend. | |
692 | * @throws UnknownEntityException if the role does not exist. | |
693 | */ | |
694 | void removeRole(Role role) | |
695 | throws DataBackendException, UnknownEntityException; | |
696 | ||
697 | /** | |
698 | * Removes a Permission from the system. | |
699 | * | |
700 | * @param permission The object describing the permission to be removed. | |
701 | * @throws DataBackendException if there was an error accessing the data | |
702 | * backend. | |
703 | * @throws UnknownEntityException if the permission does not exist. | |
704 | */ | |
705 | void removePermission(Permission permission) | |
706 | throws DataBackendException, UnknownEntityException; | |
707 | ||
708 | /** | |
709 | * Renames an existing Group. | |
710 | * | |
711 | * @param group The object describing the group to be renamed. | |
712 | * @param name the new name for the group. | |
713 | * @throws DataBackendException if there was an error accessing the data | |
714 | * backend. | |
715 | * @throws UnknownEntityException if the group does not exist. | |
716 | */ | |
717 | void renameGroup(Group group, String name) | |
718 | throws DataBackendException, UnknownEntityException; | |
719 | ||
720 | /** | |
721 | * Renames an existing Role. | |
722 | * | |
723 | * @param role The object describing the role to be renamed. | |
724 | * @param name the new name for the role. | |
725 | * @throws DataBackendException if there was an error accessing the data | |
726 | * backend. | |
727 | * @throws UnknownEntityException if the role does not exist. | |
728 | */ | |
729 | void renameRole(Role role, String name) | |
730 | throws DataBackendException, UnknownEntityException; | |
731 | ||
732 | /** | |
733 | * Renames an existing Permission. | |
734 | * | |
735 | * @param permission The object describing the permission to be renamed. | |
736 | * @param name the new name for the permission. | |
737 | * @throws DataBackendException if there was an error accessing the data | |
738 | * backend. | |
739 | * @throws UnknownEntityException if the permission does not exist. | |
740 | */ | |
741 | void renamePermission(Permission permission, String name) | |
742 | throws DataBackendException, UnknownEntityException; | |
743 | /** | |
744 | * Replaces transactionally the first given role with the second role for the given user. | |
745 | * | |
746 | * @param user the user. | |
747 | * @param role the old role | |
748 | * @param newRole the new role | |
749 | * | |
750 | * @throws DataBackendException if there was an error accessing the data | |
751 | * backend. | |
752 | * @throws UnknownEntityException if the permission does not exist. | |
753 | */ | |
754 | void replaceRole( User user, Role role, Role newRole ) | |
755 | throws DataBackendException, UnknownEntityException; | |
756 | ||
757 | } |